Getting feedback and help from the community in the form of tickets is an extremely important part of the CakePHP development process. All of CakePHP’s tickets are hosted on GitHub.

Reporting Bugs

Well written bug reports are very helpful. There are a few steps to help create the best bug report possible:

  • Do: Please search for a similar existing ticket, and ensure someone hasn’t already reported your issue, or that it hasn’t already been fixed in the repository.

  • Do: Please include detailed instructions on how to reproduce the bug. This could be in the form of a test-case or a snippet of code that demonstrates the issue. Not having a way to reproduce an issue means it’s less likely to get fixed.

  • Do: Please give as many details as possible about your environment: (OS, PHP version, CakePHP version).

  • Don’t: Please don’t use the ticket system to ask support questions. Both the support channel on the CakePHP Slack workspace and the #cakephp IRC channel on Freenode have many developers available to help answer your questions. Also have a look at Stack Overflow or the official CakePHP forum.

Reporting Security Issues

If you’ve found a security issue in CakePHP, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker, mailing list or IRC please send an email to security [at] Emails sent to this address go to the CakePHP core team on a private mailing list.

For each report, we try to first confirm the vulnerability. Once confirmed, the CakePHP team will take the following actions:

  • Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.

  • Get a fix/patch prepared.

  • Prepare a post describing the vulnerability, and the possible exploits.

  • Release new versions of all affected versions.

  • Prominently feature the problem in the release announcement.